defirisk.co
rubric v1.7.0

Admin key custody type

Superstate's assessment for RD-F-025 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

Admin key custody type is EOA. Two operation-specific EOA addresses own separate ProxyAdmin contracts: the USTB ProxyAdmin (0xb9d285DC...) is owned by 0xad309BB6..., and the USCC ProxyAdmin (0x2Bb7B8B4...) is owned by 0x8abC89D9.... Both owners are confirmed EOAs via Etherscan (no bytecode), and the Safe API returns 404 for both addresses. The docs confirm a single 'Superstate Admin Address'; Turnkey is named as the key management provider, but the MPC threshold is not publicly attested. The on-chain footprint is indistinguishable from a plain EOA.

Sources

  • Docs
    Superstate Full Documentation
    Superstate docs: 'various functions are gated behind the Superstate Admin Address calling them' and 'Facilitated by Turnkey'
    retrieved 2026-05-16
  • Etherscan
    USTB Proxy Upgrade Transaction Jul 2025
    USTB upgrade tx from=0xad309BB6f13074128b4F23EF9EA2fe8552AfCA83 to ProxyAdmin 0xb9d285DCaD879513DC9c1A3b2e0CCcB21c3c2146
    retrieved 2026-05-16

Methodology

Read the effective admin/owner/upgrader role on deployed contracts and classify as: EOA / multisig / multisig+timelock / full DAO+timelock / immutable.
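
The first step of this methodology, resolving a ProxyAdmin's owner and splitting EOA from contract account, shown as an added example that is not defirisk.co's or Superstate's own tooling. Assumptions: the ProxyAdmin exposes the standard Ownable `owner()` call, `safe_api_status` is the HTTP status of a Safe API lookup for the owner, and the addresses, bytecode and `fake_rpc` client are constructed placeholders so the block runs offline.

```python
OWNER_SELECTOR = "0x8da5cb5b"   # owner() on an Ownable ProxyAdmin
EIP7702_PREFIX = "0xef0100"     # delegation designator; followed by a 20-byte address

def resolve_owner(rpc, proxy_admin):
    """Return the address that owner() reports for a ProxyAdmin."""
    word = rpc("eth_call", [{"to": proxy_admin, "data": OWNER_SELECTOR}, "latest"])
    return "0x" + word[-40:].lower()   # address is the low 20 bytes of the 32-byte word

def classify_account(rpc, address, safe_api_status=None):
    """Decide the first split of the methodology: EOA versus contract account.

    Timelock, DAO and immutability checks need contract-specific reads and
    are reported here as 'contract (manual review)'.
    """
    code = rpc("eth_getCode", [address, "latest"]).lower()
    if code == "0x":
        return "EOA"
    # A delegated EOA has 23 bytes of code but is still controlled by one key.
    if code.startswith(EIP7702_PREFIX) and len(code) == 2 + 2 * 23:
        return "EOA (EIP-7702 delegated)"
    if safe_api_status == 200:
        return "multisig (Safe)"
    return "contract (manual review)"

def assess(rpc, proxy_admin, safe_api_status=None):
    """Walk ProxyAdmin -> owner -> account type and return (owner, class)."""
    owner = resolve_owner(rpc, proxy_admin)
    return owner, classify_account(rpc, owner, safe_api_status)

# --- constructed test chain: placeholder addresses, not real deployments ---
ADMIN_A, ADMIN_B, ADMIN_C = ("0x" + c * 40 for c in "abc")
KEY_EOA, KEY_7702, SAFE = ("0x" + c * 40 for c in "123")
CODE = {KEY_EOA: "0x", KEY_7702: "0xef0100" + "9" * 40, SAFE: "0x6080604052"}
OWNERS = {ADMIN_A: KEY_EOA, ADMIN_B: KEY_7702, ADMIN_C: SAFE}

def fake_rpc(method, params):
    """Stand-in for a JSON-RPC client so the example runs offline."""
    if method == "eth_getCode":
        return CODE.get(params[0], "0x")
    if method == "eth_call" and params[0]["data"] == OWNER_SELECTOR:
        return "0x" + OWNERS[params[0]["to"]][2:].rjust(64, "0")
    raise ValueError(f"unsupported call: {method}")

if __name__ == "__main__":
    for admin, status in ((ADMIN_A, 404), (ADMIN_B, 404), (ADMIN_C, 200)):
        print(admin[:10], *assess(fake_rpc, admin, status))
```

An "EOA" result says nothing about off-chain key management: an MPC-held key and a single-device key look the same to this check.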


rubric_version: v1.7.0
protocol: superstate
factor: RD-F-025
score: red
collected_at: 2026-05-16 00:06:37